def firewall(stem, fw_sn_id, fwm_sn_id, private_ranges, depends_on=None):
    """Provision an Azure Firewall with data-plane and management public IPs.

    Two Standard-SKU, statically allocated public IP addresses are created
    first, one per IP configuration, and the firewall is then bound to the
    two subnets passed in. No firewall policy or rule collection is attached
    by this function.

    Relies on ``s``, ``suffix``, ``resource_group_name``, ``location``,
    ``tags`` and ``self`` from the enclosing scope.

    Args:
        stem: Name prefix shared by every resource created here.
        fw_sn_id: ID of the subnet used by the firewall IP configuration.
        fwm_sn_id: ID of the subnet used by the management IP configuration.
        private_ranges: Value stored under the ``Network.SNAT.PrivateRanges``
            additional property.
        depends_on: Optional resources that everything created here waits on.

    Returns:
        The ``network.AzureFirewall`` resource.
    """

    def _static_pip(role):
        # Both public IPs differ only in the role token inside their names.
        return network.PublicIPAddress(
            f'{stem}{s}{role}{s}pip',
            public_ip_address_name=f'{stem}{s}{role}{s}pip{s}{suffix}',
            resource_group_name=resource_group_name,
            location=location,
            sku=network.PublicIPAddressSkuArgs(name='Standard'),
            public_ip_allocation_method='Static',
            tags=tags,
            opts=ResourceOptions(parent=self, depends_on=depends_on),
        )

    fw_pip = _static_pip('fw')
    fwm_pip = _static_pip('fwm')

    data_ipconf = network.AzureFirewallIPConfigurationArgs(
        name=f'{stem}{s}fw{s}ipconf{s}{suffix}',
        public_ip_address=network.PublicIPAddressArgs(id=fw_pip.id),
        subnet=network.SubnetArgs(id=fw_sn_id),
    )
    mgmt_ipconf = network.AzureFirewallIPConfigurationArgs(
        name=f'{stem}{s}fwm{s}ipconf{s}{suffix}',
        public_ip_address=network.PublicIPAddressArgs(id=fwm_pip.id),
        subnet=network.SubnetArgs(id=fwm_sn_id),
    )

    # Create, update and delete each get a one-hour timeout.
    fw_opts = ResourceOptions(
        parent=self,
        depends_on=depends_on,
        custom_timeouts=CustomTimeouts(create='1h', update='1h', delete='1h'),
    )

    # NOTE(review): Azure documents Network.SNAT.PrivateRanges as the
    # destination ranges the firewall leaves un-SNATed; confirm the value the
    # caller passes is no broader than intended.
    snat_settings = {"Network.SNAT.PrivateRanges": private_ranges}

    return network.AzureFirewall(
        f'{stem}{s}fw',
        azure_firewall_name=f'{stem}{s}fw{s}{suffix}',
        resource_group_name=resource_group_name,
        location=location,
        additional_properties=snat_settings,
        sku=network.AzureFirewallSkuArgs(name='AZFW_VNet', tier='Standard'),
        ip_configurations=[data_ipconf],
        management_ip_configuration=mgmt_ipconf,
        tags=tags,
        opts=fw_opts,
    )
def expressroute_gateway(stem, subnet_id, depends_on=None):
    """Provision an ExpressRoute virtual network gateway and its public IP.

    Relies on ``s``, ``suffix``, ``resource_group_name``, ``location``,
    ``tags`` and ``self`` from the enclosing scope.

    Args:
        stem: Name prefix shared by every resource created here.
        subnet_id: ID of the subnet the gateway IP configuration is placed in.
        depends_on: Optional resources that everything created here waits on.

    Returns:
        The ``network.VirtualNetworkGateway`` resource.
    """
    base = f'{stem}{s}er{s}gw'

    # NOTE(review): no ``sku`` is passed for this public IP, so the provider
    # default applies, together with Dynamic allocation; confirm that is the
    # intended SKU for this gateway.
    gateway_pip = network.PublicIPAddress(
        f'{base}{s}pip',
        public_ip_address_name=f'{base}{s}pip{s}{suffix}',
        resource_group_name=resource_group_name,
        location=location,
        public_ip_allocation_method='Dynamic',
        tags=tags,
        opts=ResourceOptions(parent=self, depends_on=depends_on),
    )

    gateway_ipconf = network.VirtualNetworkGatewayIPConfigurationArgs(
        name=f'{base}{s}ipconf{s}{suffix}',
        public_ip_address=network.PublicIPAddressArgs(id=gateway_pip.id),
        subnet=network.SubnetArgs(id=subnet_id),
    )

    # Create, update and delete each get a one-hour timeout.
    gateway_opts = ResourceOptions(
        parent=self,
        depends_on=depends_on,
        custom_timeouts=CustomTimeouts(create='1h', update='1h', delete='1h'),
    )

    return network.VirtualNetworkGateway(
        base,
        virtual_network_gateway_name=f'{base}{s}{suffix}',
        resource_group_name=resource_group_name,
        location=location,
        sku=network.VirtualNetworkGatewaySkuArgs(
            name='Standard',
            tier='Standard',
        ),
        gateway_type='ExpressRoute',
        vpn_type='RouteBased',
        enable_bgp=True,
        ip_configurations=[gateway_ipconf],
        tags=tags,
        opts=gateway_opts,
    )
def bastion_host(stem, virtual_network_name, address_prefix, depends_on=None):
    """Provision an Azure Bastion host with its own subnet and public IP.

    Creates, in order, the ``AzureBastionSubnet`` subnet inside the given
    virtual network, a Standard-SKU static public IP, and the Bastion host
    bound to both.

    Relies on ``s``, ``suffix``, ``resource_group_name``, ``location``,
    ``tags`` and ``self`` from the enclosing scope.

    Args:
        stem: Name prefix shared by every resource created here.
        virtual_network_name: Virtual network that receives the subnet.
        address_prefix: Address prefix assigned to the Bastion subnet.
        depends_on: Optional resources that everything created here waits on.

    Returns:
        The ``network.BastionHost`` resource.
    """
    base = f'{stem}{s}ab'

    bastion_subnet = network.Subnet(
        f'{base}{s}sn',
        subnet_name='AzureBastionSubnet',  # this exact name is required
        resource_group_name=resource_group_name,
        virtual_network_name=virtual_network_name,
        address_prefix=address_prefix,
        opts=ResourceOptions(
            parent=self,
            # On replacement the old subnet is deleted before the new one is
            # created.
            delete_before_replace=True,
            depends_on=depends_on,
        ),
    )

    bastion_pip = network.PublicIPAddress(
        f'{base}{s}pip',
        public_ip_address_name=f'{base}{s}pip{s}{suffix}',
        resource_group_name=resource_group_name,
        location=location,
        sku=network.PublicIPAddressSkuArgs(name='Standard'),
        public_ip_allocation_method='Static',
        tags=tags,
        opts=ResourceOptions(parent=self, depends_on=depends_on),
    )

    bastion_ipconf = network.BastionHostIPConfigurationArgs(
        name=f'{base}{s}ipconf{s}{suffix}',
        public_ip_address=network.PublicIPAddressArgs(id=bastion_pip.id),
        subnet=network.SubnetArgs(id=bastion_subnet.id),
    )

    return network.BastionHost(
        base,
        bastion_host_name=f'{base}{s}{suffix}',
        resource_group_name=resource_group_name,
        location=location,
        ip_configurations=[bastion_ipconf],
        tags=tags,
        opts=ResourceOptions(parent=self, depends_on=depends_on),
    )
resource_group_name=resource_group.name, location=location, virtual_network_name="server-network", address_space=network.AddressSpaceArgs( address_prefixes=["10.0.0.0/16"], ), subnets=[ network.SubnetArgs( name="default", address_prefix="10.0.0.0/24", ) ]) # Create a public IP to enable access on the Internet. public_ip = network.PublicIPAddress("server-ip", resource_group_name=resource_group.name, location=location, public_ip_address_name="server-ip", public_ip_allocation_method="Dynamic") # Create the network interface for the server. network_iface = network.NetworkInterface( "server-nic", resource_group_name=resource_group.name, location=resource_group.location, network_interface_name="server-nic", ip_configurations=[ network.NetworkInterfaceIPConfigurationArgs( name="webserveripcfg", subnet=network.SubnetArgs(id=net.subnets[0].id), private_ip_allocation_method="Dynamic", public_ip_address=network.PublicIPAddressArgs(id=public_ip.id),
}, "version": "9.5", }) db = postgresql.Database(resource_name='psqldb-nc-db', resource_group_name=resource_group.name, database_name='controller-config', charset='UTF8', collation='en-US', server_name=db_server.name) public_ip = network.PublicIPAddress( resource_name='pip-nc', resource_group_name=resource_group.name, public_ip_address_name='pip-nc-{0}'.format(installation_id), location=location, dns_settings=network.PublicIPAddressDnsSettingsArgs( domain_name_label='controller-{0}'.format(installation_id.lower()), ), public_ip_address_version='IPv4', public_ip_allocation_method='Dynamic') network_security_group = network.NetworkSecurityGroup( resource_name='nsg-nc', resource_group_name=resource_group.name, network_security_group_name='nsg-nc-{0}'.format(installation_id), location=location, security_rules=[ network.SecurityRuleArgs(name='ssh', direction='Inbound', access='Allow', protocol='Tcp',